calendar-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown files providing strategic guidance and messaging templates. No executable scripts (Python, JavaScript, Bash), binaries, or configuration files were found in the package.
- [PROMPT_INJECTION]: A theoretical indirect prompt injection surface exists as the skill instructions guide the agent to ingest external data from LinkedIn profiles and public news (Phase 2 and 3 in
SKILL.md). However, the skill does not provide automated prompts or data interpolation logic that would execute these instructions, posing no active risk. - [SAFE]: No obfuscation, credential harvesting, or unauthorized remote code execution patterns were detected. All external service references (e.g., LinkedIn, Hunter.io, Apollo) are standard industry tools consistent with the skill's stated purpose of sales prospecting.
Audit Metadata